[Snort-users] bittorrent generating alerts

Daniel Guido infiniteedge at ...1936...
Thu Nov 6 02:59:16 EST 2003


I'm running a fairly standard install of Snort, no heavy customizations. 
I seem to be getting a lot of [executable code detected] whenever 
BitTorrent is running. It's annoying because they're priority 1 alerts. How 
do I write a rule (I guess a pass rule?) for BitTorrent?

Second, what is the best way to output your logs ON WINDOWS? I was 
dumping them into a MySQL database, but I had trouble with the 
post-processing. ACID has too many freakin' dependencies. So I switched it to 
syslogd and got EventSentry to email me priority 1 alerts, but there's 
very little data in the emails. I've been using -b so I get tcpdump 
logs and looking at them in Ethereal, but sometimes they're just too 
cryptic or don't contain enough of the session for me to tell what's going 
on. I still don't know how I'm being attacked!? Somebody help!

Dan
P.S. Thank you.
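
For the pass-rule question above, here is an added example of what such a local rule looks like in Snort 2.x; it is editorial, not something from the original poster or from the Snort rule set. It assumes the BitTorrent client is using the default peer port range 6881-6889 and a tracker on 6969 (both assumptions, adjust to the client's actual configuration); the SIDs are local numbers chosen from the 1000000+ range that Snort reserves for user rules:

```snort
# Added example, not part of the original post. Local pass rules that
# let BitTorrent traffic skip the shellcode signatures behind the
# "executable code detected" alerts.
#
# Assumptions (not from the post): peers listen on 6881-6889, the
# tracker on 6969. Change the ports to whatever the client is set to.
# sid values >= 1000000 are the conventional range for local rules so
# they never collide with the distributed Snort rule set.
pass tcp any any <> any 6881:6889 (msg:"LOCAL BitTorrent peer traffic, not inspected"; sid:1000001; rev:1;)
pass tcp any any -> any 6969 (msg:"LOCAL BitTorrent tracker traffic, not inspected"; sid:1000002; rev:1;)

# Snort 2.x applies rules in Alert -> Pass -> Log order by default, so
# the pass rules above are never reached unless the rule order is
# changed with -o (Pass -> Alert -> Log). Example Windows command line,
# paths are placeholders:
#   snort -c C:\snort\etc\snort.conf -o -b -l C:\snort\log
```

Two caveats a practitioner should weigh before deploying this. First, without `-o` the rules silently do nothing, which is the most common reason a pass rule "doesn't work" on Snort 2.x. Second, a pass rule is a blind spot: everything on those ports is dropped from inspection, including real exploit attempts against a peer listening there, so keep the port range as tight as the client allows. If the noise really is only the generic shellcode NOOP signatures, the narrower fix is to disable those specific rules in the rules files rather than exempting whole ports.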
